Automatic shutdown of infected network connections

• Previous message (by thread): Automatic shutdown of infected network connections
• Next message (by thread): Sprint NOC? Are you awake now?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sean Donelan wrote:

> How many ISPs disconnect infected computers from the network?  Do you
> leave them connected because they are paying customers, and how else
> could they download the patch from microsoft?

As an aside:

As a corporation (no customers per-se), we disconnect infected computers 
_completely_ (via remote router/switch control tools).  We can do it 
automatically (via various detectors), but usually do it manually.

This is primarily to maintain service levels with non-infected stuff.

Fixing the computer is usually done by support staff.  Via CD if it's 
unsafe to reconnect the machine to the net.

If we get infested bad enough, we block the attack ports 
subnet-by-subnet as necessary until we've sterilized the subnet.

• Previous message (by thread): Automatic shutdown of infected network connections
• Next message (by thread): Sprint NOC? Are you awake now?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]